4 matches found
jenkins-2-plugins: matrix-project plugin path traversal vulnerability
A flaw was found in The Matrix Project Plugin for Jenkins, which does not sanitize user-defined axis names of multi-configuration projects submitted through the config.xml REST API endpoint. This issue may allow attackers with Item/Configure permission to create or replace any config.xml file on...
CVE-2024-23900
Jenkins Matrix Project Plugin 822.v01b8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by...
Code injection
Jenkins Matrix Project Plugin 822.v01b8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by...
CVE-2024-23900
Jenkins Matrix Project Plugin 822.v01b8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by...